On Monday, OpenAI announced the formation of a new “Safety and Security Committee” to oversee risk management for its projects and operations. The announcement comes as the company says it has “recently begun” training its next frontier model, which it expects to bring the company closer to its goal of achieving artificial general intelligence (AGI), though some critics say AGI is farther off than we might think. It also comes as a reaction to two weeks of public setbacks for the company.
Together, we’ve built an integration that includes intuitive navigation and traceability between source code and binaries, CI/CD with GitHub Actions and JFrog Artifactory, and a unified view of security findings across the software supply chain. By providing full control and visibility across the entire software supply chain, we are accelerating our joint vision of making developers’ lives easier and happier.
A massive uptick in traffic to Fedora’s package mirrors is causing problems for the Linux distribution. Some five million additional systems have started putting additional strain on Fedora’s mirror resources since March and appear to be coming from Amazon’s cloud.
The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges. It’s the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation.
The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations, including packet filtering, network address [and port] translation (NA[P]T), packet logging, userspace packet queueing, and other packet mangling. It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.
Here we see the fundamental flaw of the system: “AI Overviews are built to only show information that is backed up by top web results.” The design is based on the false assumption that Google’s page-ranking algorithm favors accurate results and not SEO-gamed garbage. Google Search has been broken for some time, and now the company is relying on those gamed and spam-filled results to feed its new AI model.
Internet surveillance, and the resultant loss of privacy, is following the same trajectory. Just as certain fish populations in the world’s oceans have fallen 80 percent, from previously having fallen 80 percent, from previously having fallen 80 percent (ad infinitum), our expectations of privacy have similarly fallen precipitously. The pervasive nature of modern technology makes surveillance easier than ever before, while each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.
Recall that in the Danish system each mortgage is backed by a matching bond. As a consequence, mortgage holders have two ways to pay a mortgage: 1) hold the mortgage and pay the monthly payments or 2) buy the matching bond and, in effect, extinguish the mortgage. The latter option is valuable because when interest rates rise, the price of mortgages fall.
…Danish sellers are able to earn a profit when they trade in their low mortgage rates for more-expensive ones, making it easier to move even when rates rise.
In all, it’s a bleak finding that bodes poorly for the collective health of Americans, who are now seeing rises in cases of measles and other vaccine-preventable illnesses. Additional surveys by the APPC in 2021, 2022, and 2023 identified a slight increase in the number of survey takers who specifically believe, falsely, that the MMR (measles, mumps, and rubella) vaccine causes autism. In 2021, 9 percent of respondents falsely indicated that MMR vaccine causes autism, responding that the statement was “definitely true” (2 percent) or “probably true” (7 percent). In 2023, 12 percent of respondents fell into those categories, 2 percent for “definitely true” and 10 percent for “probably true.”
Since the start of 2024, the US has seen a steady march of measles infections nationwide. As of May 31, the CDC has recorded 146 cases across 21 states. Of those cases, 64 were part of a large outbreak in Chicago, which was declared over on May 30.
Regulators strongly prefer that deposits stay within the regulated banking sector. The single largest reason is that they’re worried that households’ immediately accessible stored funds stay safe and accessible. A major follow-up reason, less understood by non-specialists, is that regulated banks are bound to a long list of consumer protection items on the transaction level, not the institution level. A lot of the abuse in the economy happens in $50 and $5,000 increments, rather than multi-billion dollar increments. Regulators sleep happier knowing that this abuse happens at companies with teams of operators standing. Those operators will groan and chalk a disputed transaction, instance of fraud, or glitch in the matrix up to the operational losses budget rather than sticking a user with it.
